From: gahn
To: freebsd security, freebsd general questions
Date: Thu, 26 Jan 2006 15:34:39 -0800 (PST)
Subject: strange problem with ipfw and rc.conf
Message-ID: <20060126233439.62351.qmail@web52101.mail.yahoo.com>

Hi all:

I have a strange problem with rc.conf. I set up ipfw (compiled into the kernel) on freebsd-5.4 and it doesn't seem to load the ipfw rulesets (it uses default ruleset 65335, locking out everything).
I have to do "sh /etc/ipfw.rules" in order to load the rulesets. Once I did that, I can access the box from remote locations.

Here is my rc.conf:

host# more /etc/rc.conf
network_interfaces="lo0 em0 dc0 rl0 plip0"
kern_securelevel="2"
kern_securelevel_enable="YES"
linux_enable="YES"
named_enable="YES"
nisdomainname="NO"
sshd_enable="YES"
usbd_enable="YES"
hostname="sis"
tcp_keepalive="YES"
tcp_extensions="YES"
ifconfig_em0="inet 192.168.128.222/24"
ifconfig_dc0="inet 192.168.1.4/24"
ifconfig_rl0="inet 10.10.75.126/24"
defaultrouter="192.168.128.1"
static_routes="net1 net2"
route_net1="-net 192.168.0.0/22 192.168.1.1"
route_net2="-net 10.10.0.0/16 10.10.128.1"
firewall_script="/etc/ipfw.rules"
firewall_type="simple"
firewall_quiet="YES"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES"
ipmon_flags="-Ds"
mpd_enable="YES"

Also my customized kernel (partial):

options IPFIREWALL                    #firewall
options IPFIREWALL_VERBOSE            #enable logging to syslogd(8)
options IPFIREWALL_VERBOSE_LIMIT=10   #limit verbosity
#options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options IPFIREWALL_FORWARD            #packet destination changes
options IPFIREWALL_FORWARD_EXTENDED   #all packet dest changes
options IPDIVERT                      #divert sockets

TIA